GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
20 advisories
Mattermost fails to use consistent error responses when handling the /mute command
Moderate · CVE-2026-21386 was published for github.com/mattermost/mattermost-server (Go) · Mar 16, 2026

Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake
Moderate · CVE-2026-26315 was published for github.com/ethereum/go-ethereum (Go) · Feb 18, 2026

File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login
Moderate · CVE-2026-23849 was published for github.com/filebrowser/filebrowser (Go) · Jan 21, 2026

Zitadel has a user enumeration vulnerability in Login UIs
Moderate · CVE-2026-23511 was published for github.com/zitadel/zitadel (Go) · Jan 15, 2026

OpenBao has a Timing Side-Channel in the Userpass Auth Method
Low · CVE-2025-54999 was published for github.com/openbao/openbao (Go) · Aug 8, 2025

Hashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users
Low · CVE-2025-6011 was published for github.com/hashicorp/vault (Go) · Aug 1, 2025

ZITADEL "ignoring unknown usernames" vulnerability
Moderate · CVE-2024-41952 was published for github.com/zitadel/zitadel (Go) · Jul 31, 2024

1Panel's password verification is suspected to have a timing attack vulnerability
Low · CVE-2024-30257 was published for github.com/1Panel-dev/1Panel (Go) · Apr 18, 2024

CubeFS timing attack can leak user passwords
High · CVE-2023-46739 was published for github.com/cubefs/cubefs (Go) · Jan 3, 2024

HashiCorp Vault and Vault Enterprise vulnerable to user enumeration
Moderate · CVE-2023-3462 was published for github.com/hashicorp/vault (Go) · Aug 1, 2023

ginuerzh/gost vulnerable to Timing Attack
Moderate · CVE-2023-32691 was published for github.com/ginuerzh/gost (Go) · May 22, 2023

IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar arithmetic
High · CVE-2023-26557 was published for github.com/binance-chain/tss-lib (Go) · Apr 21, 2023

IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar multiplication
Critical · CVE-2023-26556 was published for github.com/binance-chain/tss-lib (Go) · Apr 21, 2023

HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks
Moderate · CVE-2023-25000 was published for github.com/hashicorp/vault (Go) · Mar 30, 2023

Argo CD authenticated but unauthorized users may enumerate Application names via the API
Moderate · CVE-2022-41354 was published for github.com/argoproj/argo-cd (Go) · Mar 23, 2023

Answer has Observable Timing Discrepancy
Moderate · CVE-2023-1538 was published for github.com/answerdev/answer (Go) · Mar 21, 2023

Answer has Observable Response Discrepancy
Moderate · CVE-2023-1540 was published for github.com/answerdev/answer (Go) · Mar 21, 2023

OpenShift OSIN vulnerable to Observable Timing Discrepancy
Moderate · CVE-2021-4294 was published for github.com/openshift/osin (Go) · Dec 28, 2022

Atlantis Events vulnerable to Timing Attack
High · CVE-2022-24912 was published for github.com/runatlantis/atlantis (Go) · Jul 30, 2022

Observable Discrepancy in Argo
Moderate · CVE-2020-11576 was published for github.com/argoproj/argo-cd (Go) · Dec 9, 2021

ProTip! Advisories are also available from the GraphQL API.